== Proposals ==
=== App instance / version ===
* March 14, 2012
* Possible definitions of what an app instance / version is
*# a static bundle of code authenticated by manifest + signature (or equivalent)
*# a dynamic stream of code authenticated by a specific origin (same-origin policy applies; all assets must be loaded from https://<a host>)
*# an initial loader authenticated by a specific origin (https://<a host>), which can then load whatever it wants
*# unauthenticated code loaded over any channel, from any origin
* loosely ordered from best to worst security-wise (descending)
* options 1) and 2) could work with additional security mitigations
* an attacker can use option 2) as a proxy for malicious content
* an attacker can use option 2) as a proxy to a paid app (buy once, share with the world)
** mitigation for this may be the responsibility of the app developer
* CSP can secure options 1) and 2) to an extent
** define a baseline CSP policy that apps have to adopt
* See [https://www.adobe.com/devnet/air/articles/introduction_to_air_security.html Intro to AIR security]
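One way to turn such a baseline into a machine check, as an added example that is not from the wiki page or from Mozilla's own implementation: the checker below rejects any fetch directive that is missing without a default-src fallback, any wildcard or unsafe keyword, and any source that is not 'self' or an https:// URL on the app's own host, which mirrors the "all assets from https://<a host>" requirement of option 2). The baseline rules, the directive set and the host names are assumptions.

```python
from urllib.parse import urlparse

# Assumed baseline: these fetch directives must be covered, directly or via default-src.
FETCH_DIRECTIVES = ("default-src", "script-src", "object-src", "connect-src")
# Sources that defeat the point of a baseline policy (assumed list).
DISALLOWED = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "blob:", "http:", "https:"}


def parse_csp(policy: str) -> dict:
    """Split a CSP header value into {directive-name: [source, ...]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def check_baseline(policy: str, app_origin: str) -> list:
    """Return a list of violations; an empty list means the policy meets the baseline."""
    directives = parse_csp(policy)
    app_host = urlparse(app_origin).hostname
    violations = []
    for name in FETCH_DIRECTIVES:
        sources = directives.get(name, directives.get("default-src"))
        if sources is None:
            violations.append(f"{name}: not set and no default-src fallback")
            continue
        for src in sources:
            lowered = src.lower()
            if lowered in DISALLOWED:
                violations.append(f"{name}: disallowed source {src}")
            elif lowered in ("'self'", "'none'"):
                continue  # same origin or nothing at all: both within baseline
            else:
                parsed = urlparse(src)  # wildcards and bare hosts have no https scheme
                if parsed.scheme != "https" or parsed.hostname != app_host:
                    violations.append(f"{name}: {src} is not https:// on {app_host}")
    return violations


if __name__ == "__main__":
    # Constructed sample policies for a hypothetical app origin.
    for p in ("default-src 'self'; script-src 'self' https://app.example.com",
              "default-src *; script-src 'self' 'unsafe-inline' http://cdn.example.net"):
        print(p, "->", check_baseline(p, "https://app.example.com") or "OK")
```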
=== Trusted store with permissions delegation ===
* Mozilla (telco store) acts as an authority for permissions requests